The ISA Global Cybersecurity Alliance is a collaborative forum to advance cybersecurity awareness, education, readiness, and knowledge sharing. We create resources and content for industry professionals around the world, and we depend on our member companies to share the materials we develop. Below, you'll find images, text, and other resources to make it easy to share ISAGCA's work.


Social media graphic

General Promotional Materials: Promoting Your Role in ISAGCA

ISAGCA has provided logos, social sharing images, and more to help you promote your company's important thought leadership in automation cybersecurity. Use these materials throughout the year to call attention to your commitment to moving industry forward on these important topics.

Social Hashtags: #ISAGCA, #ISA, #InternationalSocietyofAutomation
Web Link: www.isa.org/isagca

 
 

Quick Start Guide

ISA/IEC 62443 Quick Start Guide

Share with Customers and Employees

The ISA Global Cybersecurity Alliance’s Advocacy and Adoption work group has overseen the development of a brand new, user-friendly overview of the ISA/IEC 62443 series of standards. “Quick Start Guide: An Overview of the ISA/IEC 62443 Standards” answers often-asked questions about these standards, including:

  • Why is the series of standards important? What are the benefits of using the standards?
  • How are IT and ICS systems different?
  • Which documents are part of the series and how can I navigate them to find what I need?
  • Where can I find the current recommendations around patch management?


In addition to providing a high-level view of the objectives and benefits of the series, the guide also identifies specific standards documents that are applicable to various roles within the security environment, including asset owners, automation product suppliers, system integrators, and maintenance providers.

The guide is free, and requires a short form completion to download. Feel free to use the description text above for promotion. You may link to the form at www.isa.org/cyberguide.

 
 

isagca-security-lifecycles-whitepaper-cover

Guide to Security Lifecycles in ISA/IEC 62443

Share with Customers and Employees

ISAGCA's Training and Education Work Group has coordinated the development of a guide to the security lifecycles outlined in the ISA/IEC 62443 series of standards. The guide defines principal roles and responsibilities in industrial automation and control systems (IACS), and it explores how to apply specific standards documents to each phase within the security lifecycles.

Learn the answers to common questions such as:

  • How can various roles share the responsibility of IACS cybersecurity?
  • What are the differences between the product security lifecycle and the automation solution security lifecycle?
  • Who should be accountable for cyber risk?
  • How does an organization maintain effective, resilient IACS cybersecurity?

The guide is free, and requires a short form completion to download. Feel free to use the description text above for promotion. You may link to the form at www.isa.org/securitylifecycles.

 
 

GCA-Leveraging ISA62443-7 wht paper_Page_01

Leveraging ISA 62443-3-2 For IACS Risk Assessment and Risk Related Strategies

Share with Customers and Employees

In this white paper, "Leveraging ISA 62443-3-2 For IACS Risk Assessment and Risk Related Strategies," author Hal Thomas provides the reader with an overview of ISA 62443-3-2, “Security Risk Assessment for Design,” as well as a summary of some methodologies that can be used to assist execution of the industrial automation control system (IACS) cyber security risk assessment work process requirements detailed in the standard.

The major steps include:

  • Identification of the System under Consideration (SuC)
  • Perform an Initial Cyber Risk Assessment
  • Partition the SuC into Zones and Conduits
  • Perform a Detailed Level Cyber Risk Assessment
  • Document Updated Cyber Security Requirements for Detailed Design

The white paper is free, and requires a short form completion to download. Feel free to use the description text above for promotion. You may link to the form at www.isa.org/riskassessment.

 
 

Applying ISO IEC 27001 2 and the ISA IEC 62443 Series White Paper_Page_01-2

Applying ISO/IEC 27001/2 and the ISA/IEC 62443 Series for Operational Technology Environments

Share with Customers and Employees

Many organizations have established policies and procedures governing the IT security in their office environment; many of these are based on ISO/IEC 27001/2. Some have attempted to address their operational technology (OT) infrastructure under the same management system, and have leveraged many IT/OT commonalities. The ISA/IEC 62443 series explicitly addresses issues such as these; this helps an organization to maintain conformance with ISO/IEC 27001 through common approaches wherever feasible, while highlighting differences in IT vs. OT approach where needed.

This white paper offers guidance for organizations familiar with ISO/IEC 27001 and interested in protecting the OT infrastructure of their operating facilities based on the ISA/IEC 62443 series. It describes the relationship between the ISA/IEC 62443 series and ISO/IEC 27001/2 and how both standards may be effectively used within one organization to protect both IT and OT.

The white paper is free, and requires a short form completion to download. Feel free to use the description text above for promotion. You may link to the form at www.isa.org/otstandards.

 
 

Public Policy ISAGCA- IEC 62443 - Position Paper_Page_1-1

ISA Global Cybersecurity Alliance Position on Automation Cybersecurity Requirements in Public Policy

Share with Customers and Employees

Recent discussions have surfaced in the United States and in other world governments about how to best secure automation and control systems that affect our everyday lives, especially in critical infrastructure. US President Biden issued Executive Order 14028 on May 12, 2021, addressing securing automation in critical infrastructure; and the ISA Global Cybersecurity Alliance submitted a formal response.

We hope this executive order and other measures will encourage those who support the nation’s critical infrastructure to develop and implement automation cybersecurity capabilities that will ensure the security of our way of life. This position paper describes the public policies and associated reference standards supported by the ISA Global Cybersecurity Alliance (ISAGCA).

The position paper is free, and requires a short form completion to download. Feel free to use the description text above for promotion. You may link to the form at www.isa.org/publicpolicy.

See also: ISA Global Cybersecurity Alliance Public Policy Advocacy Region: United States at www.isa.org/uspublicpolicy.

 
 

ISCI and ISAGCA Joint IIoT Study - Full Study-5_Page_01-1

Study: IIoT Component Certification Based on the 62443 Standard

Share with Customers and Employees

The ISA Global Security Alliance (ISAGCA) and the ISA Security Compliance Institute (ISCI) recently released a co-sponsored Industrial Internet of Things (IIoT) certification study entitled, “IIoT Component Certification Based on the 62443 Standard.”

The study addresses the urgent need for industry-vetted IIoT certification programs, with the goal of determining the applicability of the ISA/IEC 62443 series of standards and certifications to IIoT components and systems. This included examining whether existing 62443 requirements and methods for validating these requirements under existing certification programs are necessary and sufficient for the IIoT environment.

The study is free, and requires a short form completion to download. Feel free to use the description text above for promotion. You may link to the form at www.isa.org/iiotstudy.

 
 

Implementing-an-Industrial-Cybersecurity-Program-for-Your-Enterprise-3_Page_01-1

Implementing an Industrial Cybersecurity Program for Your Enterprise

Share with Employees and Customers

ISA/IEC 62443 provides powerful tools to reduce the risk of financial, reputational, human, and environmental impact from cyber-attacks on Industrial Automation and Control Systems (IACS). ISA/IEC 62443 has been categorized as a “horizontal standard” by the International Electrotechnical Committee (IEC), validating its applicability for a wide range of industries. Any specific company is likely to find that while most of the standard applies to their IACS, parts of it may not. For example, some “normative requirements” that are appropriate for an interstate pipeline, may not be relevant to a chemical plant or a discrete manufacturing facility. There are also obvious differences between a large-scale corporation with many sites and thousands of employees, and a small company with a few dozen staff.

It is therefore recommended that each company establishes their own IACS Cybersecurity Program to manage cybersecurity risks, and ISA/IEC 62443 2-1 provides guidance on how to establish such a security program for IACS asset owners.

The white paper is free, and requires a short form completion to download. Feel free to use the description text above for promotion. You may link to the form at www.isa.org/iacscyberprogram.

 
 

0920-ISASecure-QuickStart Guide-FINAL_Page_01-1

ISASecure Quick Start Guide

Share with Customers and Employees

ISASecure® is a third-party conformity assessment scheme based on the ISA/IEC 62443 series of standards. A third-party conformity assessment scheme is also known as a certification scheme. ISASecure® currently certifies Industrial Automation and Control System (IACS) products and the security development lifecycle used by Product Suppliers. Products include IACS Systems such as DCS and SCADA, and IACS Components such as embedded devices, host devices, network devices, and software applications.

The ISA Security Compliance Institute (ISCI) is the owner and developer of the ISASecure® Certification Scheme, which is the set of rules and procedures that identifies the types of products and processes being assessed, identifies the specified requirements, and provides the methodology to perform a certification. ISCI is a non-profit subsidiary of the International Society of Automation (ISA), and includes Asset Owners, Product Suppliers, certification bodies, and other interested organizations as members. Visit ISASecure.org.

 

 
 


Join Your Colleagues in ISAGCA’s Recurring Work Group and All-Member Meetings

We invite our member companies to participate in these recurring meetings, based on your availability and interest. To be added to the invitation list for any of the meetings below, please contact Brian Peterson at bpeterson@isa.org. All meetings are generally scheduled for 1 hour.

View the List of Recurring Meetings (.pdf)


business-team-looking-at-laptop

ISA Global Cybersecurity Alliance Blog

Share with Customers and Employees

The ISA Global Cybersecurity Alliance blog features perspectives and advice from cybersecurity experts. It covers topics like digital transformation, the relationship between cybersecurity and safety, how standards are being leveraged globally, and how cybersecurity topics impact our world.

Your company can share individual blog posts, have employees and customers subscribe, and tag the International Society of Automation in your posts and/or use the #ISAGCA hashtag!

You can find the blog at www.isa.org/isagcablog. Contribute to the blog by reviewing our Submission Guidelines.

 
 

woman-megaphone-adobestock

ISA Global Cybersecurity Alliance Official Press Releases

Share with Customers and Employees

ISAGCA is always working on something new. Keep up with the latest press releases and announcements, and please feel free to repost widely. Sharing ISAGCA press releases on social media can be a great way to spread the news about your company's involvement.

 
 

THE-ADVOCATE-HEADER-1

ISAGCA e-Newsletter:
The Cybersecurity Advocate

Share with Customers and Employees

Our e-newsletter, The Cybersecurity Advocate, features articles and news from ISAGCA and its member companies. Your company can share this e-newsletter with your employees and customers, inviting them to subscribe or view past/future issues.

 
 

ISA Cybersecurity Certificate Badges-05

Exclusive for ISAGCA Member Companies: Access ISA Cybersecurity Courses and Certificates at a Discount

The ISA industrial cybersecurity training courses and knowledge-based certificate recognition program are based on ISA/IEC 62443—the world’s only consensus-based series of IACS standards, and a key component of government cybersecurity plans. The program is designed for professionals involved in IT and control system security roles who need to develop a command of industrial cybersecurity terminology and an understanding of the ISA99 standards.

As a member of ISAGCA, you can now receive volume discounts on the four on-demand, modular training courses with certificate exams. 

 
 

raise-hand-education-corporate

Speakers' Bureau: An Opportunity for Your Company's Automation Cybersecurity Experts

ISAGCA has developed an automation cybersecurity Speakers' Bureau to provide speakers for industry events, both virtual and physical, around the world. ISA often receives inquiries and invitations to speak at events, but our staff and volunteers are limited. We invite ISAGCA member companies to submit their experts to work with us as we deliver the latest, standards-based, unbiased information about cybersecurity. The link to fill out the speaker volunteer form is at isa.org/isagcaspeakersbureau.

 
 

AdobeStock_81482579-1

Join the ISA Global Cybersecurity Alliance End User Council

The ISAGCA is seeking input from end users who are interested in or are actively applying the ISA/IEC 62443 standards in industrial or manufacturing production enterprises. We would like to learn from you what is working well and where you are facing challenges.

The ISAGCA End User Council brings ICS/OT cybersecurity program leaders from global industry sectors together to share challenges, best practices, and practical solutions. We don’t require membership in ISAGCA to join the End User Council – just a willingness to engage and collaborate with your peers.

Learn more at www.isa.org/endusercouncil. 

 
 

ICS4ICS Logo_FINAL_tagline_color

Incident Command System for Industrial Control Systems (ICS4ICS)

The ISA Global Cybersecurity Alliance has joined forces with the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity response teams from more than 50 participating companies to adopt FEMA's Incident Command System framework for response structure, roles, and interoperability. This is the system used by First Responders globally when responding to hurricanes, floods, earthquakes, industrial accidents, and other high impact situations.

Learn more at www.isa.org/ICS4ICS.